Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition | |||
|
|
Solution Type Troubleshooting Sure Solution 1020860.1 : KMS - Diagnosing Agent Issues
PreviouslyPublishedAs 266188
Applies to:Oracle Key Manager - Version: 1.1.0 and later [Release: 1.0 and later]Oracle Key Manager - Version: 2.3 and later [Release: 2.0 and later] All Platforms Checked for relevance on 3-Feb-2011. PurposeDiagnosing KMS Agent Issues.Last Review DateFebruary 3, 2011Instructions for the ReaderA Troubleshooting Guide is provided to assist
in debugging a specific issue. When possible, diagnostic tools are included in the document
to assist in troubleshooting.
Troubleshooting DetailsSteps to FollowTake the following steps to resolve Agent issues: What type of Drive: - LTO4/LTO5, Go to Step B - T10000 or 9840D, continue. Crypto LED Green? - Yes, Drive is not licensed for Encryption. - Flashing, Encryption has been reset. - No, continue. Crypto LED Amber? - Solid, Encryption capable (licensed) but needs media keys. For KMS 1.x this drive has not been recognized by a legitimate OKT. For KMS 2.x see VOP : encryption tab : needs tab. (This is normal for KMS 2.x if the drive is not loaded and has the needed key. Insure a tape is loaded in the drive.) Proceed to Step C. - Flashing, need device keys and should only be seen in KMS 1.x. This usually indicates out of sync condition that will require EKT to be re-written for this drive only. Read token in KMS for error message. KMS 2.x has no flashing amber. - No, Continue. Crypto LED Red? - Solid, Encryption enabled. In 1.x this means ready to encrypt, in 2.x this means drive loaded and has key. Proceed to Step C. - Blinking, Encryption enabled, in active state, at previous codes. Currently this will be solid red - No Red LED, Drive is not Encryption capable, EXIT. Crypto LED Cycling: The LED is cycling through all colors. This indicates the tape drive is “zeroed,” unusable, and must be returned. Step B: LTO Drive: Crypto LED Green? - Solid Green, Dione card is booting, Wait. Solid is booting or non-error condition of drive loaded and has key. Proceed to Step C. - No Green LED on. Drive is not Encryption capable, or is not loaded with a key. EXIT. Step C: Does VOP display keys needed? - Yes, Identify why this key(s) unavailable to drive. - No, continue. Magma Box Tests successful? - Yes, Re-diagnose issue. Beyond scope of this instruction. - No/Don't Know, continue. Pertinent KMS Audit logs have entries? - Yes, Diagnose error message and escalate as needed. Refer to page 235, KMS 2.1 Administration Guide, 1/30/09 Rev. A, 316195102 for further information. - No, Diagnose Application/System Logs and escalate as needed. Note: VOP diagnostics will run on an encrypted drive but require a dump tape to run on. If a dump is needed you will have to extract it with VOP since the drive can not write a dump tape until a future code is available, somewhere around x.44 code. The dump tape will have to have been written on a non-encrypted drive because current code does not permit T-Series drives to write a dump tape. The dump tape can be used over and over, but must be written the first time on a non-encrypted drive. (8-20-09) Note: Refer to page 24, T10000 Operator’s Guide, September 2009 Revision ED, PN96174 for complete information on the LED status. Product Sun StorageTek Crypto Key Management Station 1.0 Sun StorageTek Crypto Key Management Station 2.0 Diagnose, Troubleshoot, Trouble shoot, Agent, Crypto LED, KMS, KMA, Encryption, 1.x 1.0, 2.x 2.1, 2.0 Attachments This solution has no attachment |
||||||||||||
|